diff options
| author | Alex Rudyy <orudyy@apache.org> | 2013-04-19 16:16:20 +0000 |
|---|---|---|
| committer | Alex Rudyy <orudyy@apache.org> | 2013-04-19 16:16:20 +0000 |
| commit | 1a0733c7cebe1349e8f4dbe0dd28d3eebf3a326b (patch) | |
| tree | 4ba0056fa5b697ba77189870c74a91799306da57 /java/broker-plugins | |
| parent | 03222bbf6ff76ce66d3ab8a07f3edf46fae05ad5 (diff) | |
| download | qpid-python-1a0733c7cebe1349e8f4dbe0dd28d3eebf3a326b.tar.gz | |
QPID-4753: move ACL config from broker attribute to a top level entity
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1469937 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'java/broker-plugins')
16 files changed, 703 insertions, 70 deletions
diff --git a/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java b/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java index 6f7885da94..451b1f9c40 100644 --- a/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java +++ b/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java @@ -29,6 +29,7 @@ import javax.security.auth.Subject; import org.apache.commons.configuration.ConfigurationException; import org.apache.commons.lang.ObjectUtils; import org.apache.log4j.Logger; +import org.apache.qpid.server.configuration.IllegalConfigurationException; import org.apache.qpid.server.security.Result; import org.apache.qpid.server.security.SecurityManager; import org.apache.qpid.server.security.AccessControl; @@ -44,6 +45,7 @@ public class DefaultAccessControl implements AccessControl private static final Logger _logger = Logger.getLogger(DefaultAccessControl.class); private RuleSet _ruleSet; + private File _aclFile; public DefaultAccessControl(String fileName) { @@ -51,10 +53,8 @@ public class DefaultAccessControl implements AccessControl { _logger.debug("Creating AccessControl instance using file: " + fileName); } - File aclFile = new File(fileName); - ConfigurationFile configFile = new PlainConfiguration(aclFile); - _ruleSet = configFile.load(); + _aclFile = new File(fileName); } DefaultAccessControl(RuleSet rs) throws ConfigurationException @@ -62,6 +62,45 @@ public class DefaultAccessControl implements AccessControl _ruleSet = rs; } + public void open() + { + if(_aclFile != null) + { + if (!_aclFile.exists()) + { + throw new IllegalConfigurationException("ACL file '" + _aclFile + "' is not found"); + } + + ConfigurationFile configFile = new PlainConfiguration(_aclFile); + _ruleSet = configFile.load(); + } + } + + @Override + public void close() + { + //no-op + } + + @Override + public void onDelete() + { + //no-op + } + + @Override + public void onCreate() + { + //verify file exists + if(_aclFile != null) + { + if (!_aclFile.exists()) + { + throw new IllegalConfigurationException("ACL file '" + _aclFile + "' is not found"); + } + } + } + public Result getDefault() { return _ruleSet.getDefault(); @@ -119,4 +158,5 @@ public class DefaultAccessControl implements AccessControl return Result.DENIED; } } + } diff --git a/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactory.java b/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactory.java index a3d7823caf..f4e041a8d2 100644 --- a/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactory.java +++ b/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactory.java @@ -20,40 +20,60 @@ */ package org.apache.qpid.server.security.access.plugins; -import java.io.File; +import static org.apache.qpid.server.security.access.FileAccessControlProviderConstants.ACL_FILE_PROVIDER_TYPE; +import static org.apache.qpid.server.security.access.FileAccessControlProviderConstants.PATH; +import static org.apache.qpid.server.util.MapValueConverter.getStringAttribute; + +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; import java.util.Map; import org.apache.qpid.server.configuration.IllegalConfigurationException; import org.apache.qpid.server.plugin.AccessControlFactory; import org.apache.qpid.server.security.AccessControl; +import org.apache.qpid.server.util.ResourceBundleLoader; public class DefaultAccessControlFactory implements AccessControlFactory { - public static final String ATTRIBUTE_ACL_FILE = "aclFile"; + public static final String RESOURCE_BUNDLE = "org.apache.qpid.server.security.access.plugins.FileAccessControlProviderAttributeDescriptions"; + + public static final Collection<String> ATTRIBUTES = Collections.<String> unmodifiableList(Arrays.asList( + ATTRIBUTE_TYPE, + PATH + )); - public AccessControl createInstance(Map<String, Object> aclConfiguration) + public AccessControl createInstance(Map<String, Object> attributes) { - if (aclConfiguration != null) + if(attributes == null || !ACL_FILE_PROVIDER_TYPE.equals(attributes.get(ATTRIBUTE_TYPE))) + { + return null; + } + + String path = getStringAttribute(PATH, attributes, null); + if (path == null || "".equals(path.trim())) { - Object aclFile = aclConfiguration.get(ATTRIBUTE_ACL_FILE); - if (aclFile != null) - { - if (aclFile instanceof String) - { - String aclPath = (String) aclFile; - if (!new File(aclPath).exists()) - { - throw new IllegalConfigurationException("ACL file '" + aclPath + "' is not found"); - } - return new DefaultAccessControl(aclPath); - } - else - { - throw new IllegalConfigurationException("Expected '" + ATTRIBUTE_ACL_FILE + "' attribute value of type String but was " + aclFile.getClass() - + ": " + aclFile); - } - } + throw new IllegalConfigurationException("Path to ACL was not specified!"); } - return null; + + return new DefaultAccessControl(path); + } + + @Override + public String getType() + { + return ACL_FILE_PROVIDER_TYPE; + } + + @Override + public Collection<String> getAttributeNames() + { + return ATTRIBUTES; + } + + @Override + public Map<String, String> getAttributeDescriptions() + { + return ResourceBundleLoader.getResources(RESOURCE_BUNDLE); } } diff --git a/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/FileAccessControlProviderAttributeDescriptions.properties b/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/FileAccessControlProviderAttributeDescriptions.properties new file mode 100644 index 0000000000..e847e90f57 --- /dev/null +++ b/java/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/FileAccessControlProviderAttributeDescriptions.properties @@ -0,0 +1,19 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +path=File location*
\ No newline at end of file diff --git a/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactoryTest.java b/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactoryTest.java index ca1f19098f..2c55652f04 100644 --- a/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactoryTest.java +++ b/java/broker-plugins/access-control/src/test/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactoryTest.java @@ -6,7 +6,9 @@ import java.util.Map; import java.util.regex.Pattern; import org.apache.qpid.server.configuration.IllegalConfigurationException; +import org.apache.qpid.server.model.GroupProvider; import org.apache.qpid.server.security.AccessControl; +import org.apache.qpid.server.security.access.FileAccessControlProviderConstants; import org.apache.qpid.test.utils.QpidTestCase; import org.apache.qpid.test.utils.TestFileUtils; @@ -25,8 +27,10 @@ public class DefaultAccessControlFactoryTest extends QpidTestCase File aclFile = TestFileUtils.createTempFile(this, ".acl", "ACL ALLOW all all"); DefaultAccessControlFactory factory = new DefaultAccessControlFactory(); Map<String, Object> attributes = new HashMap<String, Object>(); - attributes.put(DefaultAccessControlFactory.ATTRIBUTE_ACL_FILE, aclFile.getAbsolutePath()); + attributes.put(GroupProvider.TYPE, FileAccessControlProviderConstants.ACL_FILE_PROVIDER_TYPE); + attributes.put(FileAccessControlProviderConstants.PATH, aclFile.getAbsolutePath()); AccessControl acl = factory.createInstance(attributes); + acl.open(); assertNotNull("ACL was not created from acl file: " + aclFile.getAbsolutePath(), acl); } @@ -37,33 +41,17 @@ public class DefaultAccessControlFactoryTest extends QpidTestCase assertFalse("ACL file " + aclFile.getAbsolutePath() + " actually exists but should not", aclFile.exists()); DefaultAccessControlFactory factory = new DefaultAccessControlFactory(); Map<String, Object> attributes = new HashMap<String, Object>(); - attributes.put(DefaultAccessControlFactory.ATTRIBUTE_ACL_FILE, aclFile.getAbsolutePath()); + attributes.put(GroupProvider.TYPE, FileAccessControlProviderConstants.ACL_FILE_PROVIDER_TYPE); + attributes.put(FileAccessControlProviderConstants.PATH, aclFile.getAbsolutePath()); try { - factory.createInstance(attributes); - fail("It should not be possible to create ACL from non existing file"); + AccessControl control = factory.createInstance(attributes); + control.open(); + fail("It should not be possible to create and initialise ACL with non existing file"); } catch (IllegalConfigurationException e) { - assertTrue("Unexpected exception message", Pattern.matches("ACL file '.*' is not found", e.getMessage())); - } - } - - public void testCreateInstanceWhenAclFileIsSpecifiedAsNonString() - { - DefaultAccessControlFactory factory = new DefaultAccessControlFactory(); - Map<String, Object> attributes = new HashMap<String, Object>(); - Integer aclFile = new Integer(0); - attributes.put(DefaultAccessControlFactory.ATTRIBUTE_ACL_FILE, aclFile); - try - { - factory.createInstance(attributes); - fail("It should not be possible to create ACL from Integer"); - } - catch (IllegalConfigurationException e) - { - assertEquals("Unexpected exception message", "Expected '" + DefaultAccessControlFactory.ATTRIBUTE_ACL_FILE - + "' attribute value of type String but was " + Integer.class + ": " + aclFile, e.getMessage()); + assertTrue("Unexpected exception message: " + e.getMessage(), Pattern.matches("ACL file '.*' is not found", e.getMessage())); } } } diff --git a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java index b87b1c76f0..2fc54482a4 100644 --- a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java +++ b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/HttpManagement.java @@ -47,6 +47,7 @@ import org.apache.qpid.server.management.plugin.servlet.rest.MessageServlet; import org.apache.qpid.server.management.plugin.servlet.rest.RestServlet; import org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet; import org.apache.qpid.server.management.plugin.servlet.rest.StructureServlet; +import org.apache.qpid.server.model.AccessControlProvider; import org.apache.qpid.server.model.AuthenticationProvider; import org.apache.qpid.server.model.Binding; import org.apache.qpid.server.model.Broker; @@ -283,6 +284,7 @@ public class HttpManagement extends AbstractPluginAdapter implements HttpManagem addRestServlet(root, "broker"); addRestServlet(root, "virtualhost", VirtualHost.class); addRestServlet(root, "authenticationprovider", AuthenticationProvider.class); + addRestServlet(root, "accesscontrolprovider", AccessControlProvider.class); addRestServlet(root, "user", AuthenticationProvider.class, User.class); addRestServlet(root, "groupprovider", GroupProvider.class); addRestServlet(root, "group", GroupProvider.class, Group.class); diff --git a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/HelperServlet.java b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/HelperServlet.java index 626dfa1d6c..a7066c73d8 100644 --- a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/HelperServlet.java +++ b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/HelperServlet.java @@ -31,6 +31,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.qpid.server.management.plugin.servlet.rest.action.ListAccessControlProviderAttributes; import org.apache.qpid.server.management.plugin.servlet.rest.action.ListAuthenticationProviderAttributes; import org.apache.qpid.server.management.plugin.servlet.rest.action.ListGroupProviderAttributes; import org.apache.qpid.server.management.plugin.servlet.rest.action.ListMessageStoreTypes; @@ -55,6 +56,8 @@ public class HelperServlet extends AbstractServlet _actions.put(listMessageStoreTypes.getName(), listMessageStoreTypes); Action groupProviderAttributes = new ListGroupProviderAttributes(); _actions.put(groupProviderAttributes.getName(), groupProviderAttributes); + Action aclProviderAttributes = new ListAccessControlProviderAttributes(); + _actions.put(aclProviderAttributes.getName(), aclProviderAttributes); } @Override diff --git a/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/action/ListAccessControlProviderAttributes.java b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/action/ListAccessControlProviderAttributes.java new file mode 100644 index 0000000000..6887217016 --- /dev/null +++ b/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/action/ListAccessControlProviderAttributes.java @@ -0,0 +1,76 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.qpid.server.management.plugin.servlet.rest.action; + +import java.util.HashMap; +import java.util.Map; +import java.util.TreeMap; + +import org.apache.qpid.server.management.plugin.servlet.rest.Action; +import org.apache.qpid.server.model.Broker; +import org.apache.qpid.server.plugin.AccessControlFactory; +import org.apache.qpid.server.plugin.QpidServiceLoader; + +public class ListAccessControlProviderAttributes implements Action +{ + private static final String ATTRIBUTES = "attributes"; + private static final String DESCRIPTIONS = "descriptions"; + private Map<String, AccessControlFactory> _factories; + + public ListAccessControlProviderAttributes() + { + _factories = new TreeMap<String, AccessControlFactory>(); + Iterable<AccessControlFactory> factories = new QpidServiceLoader<AccessControlFactory>() + .instancesOf(AccessControlFactory.class); + for (AccessControlFactory factory : factories) + { + _factories.put(factory.getType(), factory); + } + } + + @Override + public String getName() + { + return ListAccessControlProviderAttributes.class.getSimpleName(); + } + + @Override + public Object perform(Map<String, Object> request, Broker broker) + { + Map<String, Object> attributes = new TreeMap<String, Object>(); + for (String providerType : _factories.keySet()) + { + AccessControlFactory factory = _factories.get(providerType); + + Map<String, Object> data = new HashMap<String, Object>(); + data.put(ATTRIBUTES, factory.getAttributeNames()); + Map<String, String> resources = factory.getAttributeDescriptions(); + if (resources != null) + { + data.put(DESCRIPTIONS, resources); + } + + attributes.put(factory.getType(), data); + } + return attributes; + } + +} diff --git a/java/broker-plugins/management-http/src/main/java/resources/accesscontrolprovider/showAclFile.html b/java/broker-plugins/management-http/src/main/java/resources/accesscontrolprovider/showAclFile.html new file mode 100644 index 0000000000..182e651a51 --- /dev/null +++ b/java/broker-plugins/management-http/src/main/java/resources/accesscontrolprovider/showAclFile.html @@ -0,0 +1,24 @@ +<!-- + - + - Licensed to the Apache Software Foundation (ASF) under one + - or more contributor license agreements. See the NOTICE file + - distributed with this work for additional information + - regarding copyright ownership. The ASF licenses this file + - to you under the Apache License, Version 2.0 (the + - "License"); you may not use this file except in compliance + - with the License. You may obtain a copy of the License at + - + - http://www.apache.org/licenses/LICENSE-2.0 + - + - Unless required by applicable law or agreed to in writing, + - software distributed under the License is distributed on an + - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + - KIND, either express or implied. See the License for the + - specific language governing permissions and limitations + - under the License. + - + --> +<div class="AclFileProvider"> + <span style="">Path:</span><span class="path" style="position:absolute; left:6em"></span> + <br/> +</div> diff --git a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/AccessControlProvider.js b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/AccessControlProvider.js new file mode 100644 index 0000000000..fd8a3ecb0e --- /dev/null +++ b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/AccessControlProvider.js @@ -0,0 +1,131 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +define(["dojo/_base/xhr", + "dojo/parser", + "dojo/query", + "dojo/_base/connect", + "qpid/common/properties", + "qpid/common/updater", + "qpid/common/util", + "qpid/common/UpdatableStore", + "dojox/grid/EnhancedGrid", + "dijit/registry", + "dojo/_base/event", + "dojox/grid/enhanced/plugins/Pagination", + "dojox/grid/enhanced/plugins/IndirectSelection", + "dojo/domReady!"], + function (xhr, parser, query, connect, properties, updater, util, UpdatableStore, EnhancedGrid, registry, event) { + + function AccessControlProvider(name, parent, controller) { + this.name = name; + this.controller = controller; + this.modelObj = { type: "accesscontrolprovider", name: name }; + if(parent) { + this.modelObj.parent = {}; + this.modelObj.parent[ parent.type] = parent; + } + } + + AccessControlProvider.prototype.getTitle = function() { + return "AccessControlProvider: " + this.name ; + }; + + AccessControlProvider.prototype.open = function(contentPane) { + var that = this; + this.contentPane = contentPane; + xhr.get({url: "showAccessControlProvider.html", + sync: true, + load: function(data) { + contentPane.containerNode.innerHTML = data; + parser.parse(contentPane.containerNode); + + that.accessControlProviderUpdater = new AccessControlProviderUpdater(contentPane.containerNode, that.modelObj, that.controller); + + var deleteButton = query(".deleteAccessControlProviderButton", contentPane.containerNode)[0]; + var deleteWidget = registry.byNode(deleteButton); + connect.connect(deleteWidget, "onClick", + function(evt){ + event.stop(evt); + that.deleteAccessControlProvider(); + }); + }}); + }; + + AccessControlProvider.prototype.close = function() { + if (this.accessControlProviderUpdater.details) + { + this.accessControlProviderUpdater.details.close(); + } + }; + + AccessControlProvider.prototype.deleteAccessControlProvider = function() { + if(confirm("Are you sure you want to delete access control provider '" + this.name + "'?")) { + var query = "rest/accesscontrolprovider/" +encodeURIComponent(this.name); + this.success = true + var that = this; + xhr.del({url: query, sync: true, handleAs: "json"}).then( + function(data) { + that.close(); + that.contentPane.onClose() + that.controller.tabContainer.removeChild(that.contentPane); + that.contentPane.destroyRecursive(); + }, + function(error) {that.success = false; that.failureReason = error;}); + if(!this.success ) { + alert("Error:" + this.failureReason); + } + } + }; + + function AccessControlProviderUpdater(node, groupProviderObj, controller) + { + this.controller = controller; + this.name = query(".name", node)[0]; + this.type = query(".type", node)[0]; + this.query = "rest/accesscontrolprovider/"+encodeURIComponent(groupProviderObj.name); + + var that = this; + + xhr.get({url: this.query, sync: properties.useSyncGet, handleAs: "json"}) + .then(function(data) + { + that.accessControlProviderData = data[0]; + + util.flattenStatistics( that.accessControlProviderData ); + + that.updateHeader(); + + var ui = that.accessControlProviderData.type; + require(["qpid/management/accesscontrolprovider/"+ ui], + function(SpecificProvider) { + that.details = new SpecificProvider(query(".providerDetails", node)[0], groupProviderObj, controller); + }); + }); + } + + AccessControlProviderUpdater.prototype.updateHeader = function() + { + this.name.innerHTML = this.accessControlProviderData[ "name" ]; + this.type.innerHTML = this.accessControlProviderData[ "type" ]; + }; + + return AccessControlProvider; + }); diff --git a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js index e5631745a8..7ce2e1c0c1 100644 --- a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js +++ b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/Broker.js @@ -33,6 +33,7 @@ define(["dojo/_base/xhr", "qpid/management/addPort", "qpid/management/addKeystore", "qpid/management/addGroupProvider", + "qpid/management/addAccessControlProvider", "dojox/grid/enhanced/plugins/Pagination", "dojox/grid/enhanced/plugins/IndirectSelection", "dijit/layout/AccordionContainer", @@ -43,7 +44,7 @@ define(["dojo/_base/xhr", "dijit/form/CheckBox", "dojo/store/Memory", "dojo/domReady!"], - function (xhr, parser, query, connect, properties, updater, util, UpdatableStore, EnhancedGrid, registry, addAuthenticationProvider, addVirtualHost, addPort, addKeystore, addGroupProvider) { + function (xhr, parser, query, connect, properties, updater, util, UpdatableStore, EnhancedGrid, registry, addAuthenticationProvider, addVirtualHost, addPort, addKeystore, addGroupProvider, addAccessControlProvider) { function Broker(name, parent, controller) { this.name = name; @@ -80,15 +81,6 @@ define(["dojo/_base/xhr", name: "defaultVirtualHost"}) } }, { - name: "aclFile", - createWidget: function(brokerData) { - return new dijit.form.ValidationTextBox({ - required: false, - value: brokerData.aclFile, - label: "ACL file location:", - name: "aclFile"}) - } - }, { name: "statisticsReportingPeriod", createWidget: function(brokerData) { return new dijit.form.ValidationTextBox({ @@ -473,6 +465,21 @@ define(["dojo/_base/xhr", warning + "Are you sure you want to delete group provider"); } ); + + var addAccessControlButton = query(".addAccessControlProvider", contentPane.containerNode)[0]; + connect.connect(registry.byNode(addAccessControlButton), "onClick", + function(evt){addAccessControlProvider.show();}); + + var deleteAccessControlProviderButton = query(".deleteAccessControlProvider", contentPane.containerNode)[0]; + connect.connect(registry.byNode(deleteAccessControlProviderButton), "onClick", + function(evt){ + util.deleteGridSelections( + that.brokerUpdater, + that.brokerUpdater.accessControlProvidersGrid.grid, + "rest/accesscontrolprovider", + "Are you sure you want to delete access control provider"); + } + ); }}); }; @@ -626,7 +633,20 @@ define(["dojo/_base/xhr", that.controller.show("groupprovider", name, brokerObj); }); }, gridProperties, EnhancedGrid); - + var aclData = that.brokerData.accesscontrolproviders ? that.brokerData.accesscontrolproviders :[]; + that.accessControlProvidersGrid = + new UpdatableStore(aclData, query(".broker-access-control-providers")[0], + [ { name: "Name", field: "name", width: "60%"}, + { name: "Type", field: "type", width: "40%"} + ], function(obj) { + connect.connect(obj.grid, "onRowDblClick", obj.grid, + function(evt){ + var idx = evt.rowIndex, + theItem = this.getItem(idx); + var name = obj.dataStore.getValue(theItem,"name"); + that.controller.show("accesscontrolprovider", name, brokerObj); + }); + }, gridProperties, EnhancedGrid); }); xhr.get({url: "rest/logrecords", sync: properties.useSyncGet, handleAs: "json"}) @@ -725,6 +745,11 @@ define(["dojo/_base/xhr", { that.groupProvidersGrid.update(that.brokerData.groupproviders); } + if (that.accessControlProvidersGrid) + { + var data = that.brokerData.accesscontrolproviders ? that.brokerData.accesscontrolproviders :[]; + that.accessControlProvidersGrid.update(data); + } }); diff --git a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/AclFile.js b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/AclFile.js new file mode 100644 index 0000000000..56f92c2025 --- /dev/null +++ b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/accesscontrolprovider/AclFile.js @@ -0,0 +1,95 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +define(["dojo/_base/xhr", + "dojo/dom", + "dojo/parser", + "dojo/query", + "dojo/dom-construct", + "dojo/_base/connect", + "dojo/_base/window", + "dojo/_base/event", + "dojo/_base/json", + "dijit/registry", + "qpid/common/util", + "qpid/common/properties", + "qpid/common/updater", + "qpid/common/UpdatableStore", + "dojox/grid/EnhancedGrid", + "dojox/grid/enhanced/plugins/Pagination", + "dojox/grid/enhanced/plugins/IndirectSelection", + "dojox/validate/us", "dojox/validate/web", + "dijit/Dialog", + "dijit/form/TextBox", + "dijit/form/ValidationTextBox", + "dijit/form/TimeTextBox", "dijit/form/Button", + "dijit/form/Form", + "dijit/form/DateTextBox", + "dojo/domReady!"], + function (xhr, dom, parser, query, construct, connect, win, event, json, registry, util, properties, updater, UpdatableStore, EnhancedGrid) { + function AclFile(containerNode, aclProviderObj, controller) { + var node = construct.create("div", null, containerNode, "last"); + var that = this; + this.name = aclProviderObj.name; + xhr.get({url: "accesscontrolprovider/showAclFile.html", + sync: true, + load: function(data) { + node.innerHTML = data; + parser.parse(node); + + that.groupDatabaseUpdater= new AclFileUpdater(node, aclProviderObj, controller); + + updater.add( that.groupDatabaseUpdater); + + that.groupDatabaseUpdater.update(); + + + }}); + } + + AclFile.prototype.close = function() { + updater.remove( this.groupDatabaseUpdater ); + }; + + function AclFileUpdater(node, aclProviderObj, controller) + { + this.controller = controller; + this.query = "rest/accesscontrolprovider/"+encodeURIComponent(aclProviderObj.name); + this.name = aclProviderObj.name; + this.path = query(".path", node)[0]; + } + + AclFileUpdater.prototype.update = function() + { + var that = this; + + xhr.get({url: this.query, sync: properties.useSyncGet, handleAs: "json"}) + .then(function(data) { + if (data[0]) + { + that.aclProviderData = data[0]; + that.path.innerHTML = that.aclProviderData.path; + } + }); + + }; + + return AclFile; + }); diff --git a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addAccessControlProvider.js b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addAccessControlProvider.js new file mode 100644 index 0000000000..d20897c1d8 --- /dev/null +++ b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/addAccessControlProvider.js @@ -0,0 +1,177 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +define(["dojo/_base/lang", + "dojo/_base/xhr", + "dojo/dom", + "dojo/dom-construct", + "dijit/registry", + "dojo/parser", + "dojo/_base/array", + "dojo/_base/event", + 'dojo/_base/json', + "qpid/common/util", + "dojo/store/Memory", + "dojox/validate/us", + "dojox/validate/web", + "dijit/Dialog", + "dijit/form/CheckBox", + "dijit/form/Textarea", + "dijit/form/ComboBox", + "dijit/form/TextBox", + "dijit/form/ValidationTextBox", + "dijit/form/Button", + "dijit/form/Form", + "dijit/layout/ContentPane", + "dojox/layout/TableContainer", + "dojo/domReady!"], + function (lang, xhr, dom, construct, registry, parser, array, event, json, util) { + + var addAccessControlProvider = {}; + + addAccessControlProvider.show = function(accessControlProvider) { + var fields = [{ + name: "name", + createWidget: function(accessControlProvider) { + return new dijit.form.ValidationTextBox({ + required: true, + value: accessControlProvider.name, + disabled: accessControlProvider.name ? true : false, + label: "Name*:", + regexp: "^[\x20-\x2e\x30-\x7F]{1,255}$", + name: "name"}); + } + }, { + name: "type", + createWidget: function(accessControlProvider) { + + var typeContainer = construct.create("div"); + + var typeListContainer = new dojox.layout.TableContainer({ + cols: 1, + "labelWidth": "300", + customClass: "formLabel", + showLabels: true, + orientation: "horiz" + }); + + typeContainer.appendChild(typeListContainer.domNode); + + var providers = []; + var fieldSetContainers = {}; + xhr.get({ + url: "rest/helper?action=ListAccessControlProviderAttributes", + handleAs: "json", + sync: true + }).then( + function(data) { + var providerIndex = 0; + + for (var providerType in data) { + if (data.hasOwnProperty(providerType)) { + providers[providerIndex++] = {id: providerType, name: providerType}; + + var attributes = data[providerType].attributes; + var descriptions = data[providerType].descriptions; + + var layout = new dojox.layout.TableContainer( { + cols: 1, + "labelWidth": "300", + customClass: "formLabel", + showLabels: true, + orientation: "horiz" + }); + + for(var i=0; i < attributes.length; i++) { + if ("type" == attributes[i]) + { + continue; + } + var labelValue = attributes[i]; + if (descriptions && descriptions[attributes[i]]) + { + labelValue = descriptions[attributes[i]]; + } + var text = new dijit.form.TextBox({ + label: labelValue + ":", + name: attributes[i] + }); + layout.addChild(text); + } + + typeContainer.appendChild(layout.domNode); + fieldSetContainers[providerType] = layout; + } + } + }); + + var providersStore = new dojo.store.Memory({ data: providers }); + + var typeList = new dijit.form.FilteringSelect({ + required: true, + value: accessControlProvider.type, + store: providersStore, + label: "Type*:", + name: "type"}); + + typeListContainer.addChild(typeList); + + var onChangeHandler = function onChangeHandler(newValue){ + for (var i in fieldSetContainers) { + var container = fieldSetContainers[i]; + var descendants = container.getChildren(); + for(var i in descendants){ + var descendant = descendants[i]; + var propName = descendant.name; + if (propName) { + descendant.set("disabled", true); + } + } + container.domNode.style.display = "none"; + } + var container = fieldSetContainers[newValue]; + if (container) + { + container.domNode.style.display = "block"; + var descendants = container.getChildren(); + for(var i in descendants){ + var descendant = descendants[i]; + var propName = descendant.name; + if (propName) { + descendant.set("disabled", false); + } + } + } + }; + typeList.on("change", onChangeHandler); + onChangeHandler(typeList.value); + return new dijit.layout.ContentPane({content: typeContainer, style:{padding: 0}}); + } + }]; + + util.showSetAttributesDialog( + fields, + accessControlProvider ? accessControlProvider : {}, + "rest/accesscontrolprovider" + (name ? "/" + encodeURIComponent(name.name) : ""), + accessControlProvider ? "Edit access control provider - " + accessControlProvider.name : "Add access control provider", + accessControlProvider ? false : true); + }; + return addAccessControlProvider; + });
\ No newline at end of file diff --git a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/controller.js b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/controller.js index c4114739c0..e8a381777f 100644 --- a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/controller.js +++ b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/controller.js @@ -31,15 +31,17 @@ define(["dojo/dom", "qpid/management/group/Group", "qpid/management/KeyStore", "qpid/management/TrustStore", + "qpid/management/AccessControlProvider", "dojo/ready", "dojo/domReady!"], - function (dom, registry, ContentPane, Broker, VirtualHost, Exchange, Queue, Connection, AuthProvider, GroupProvider, Group, KeyStore, TrustStore, ready) { + function (dom, registry, ContentPane, Broker, VirtualHost, Exchange, Queue, Connection, AuthProvider, GroupProvider, Group, KeyStore, TrustStore, AccessControlProvider, ready) { var controller = {}; var constructors = { broker: Broker, virtualhost: VirtualHost, exchange: Exchange, queue: Queue, connection: Connection, authenticationprovider: AuthProvider, groupprovider: GroupProvider, - group: Group, keystore: KeyStore, truststore: TrustStore }; + group: Group, keystore: KeyStore, truststore: TrustStore, + accesscontrolprovider: AccessControlProvider}; var tabDiv = dom.byId("managedViews"); diff --git a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/treeView.js b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/treeView.js index f96fc13a03..7bb52b938f 100644 --- a/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/treeView.js +++ b/java/broker-plugins/management-http/src/main/java/resources/js/qpid/management/treeView.js @@ -281,6 +281,8 @@ define(["dojo/_base/xhr", controller.show("keystore", details.keystore, {broker: {type:"broker", name:""}}); } else if (details.type == 'truststore') { controller.show("truststore", details.truststore, {broker: {type:"broker", name:""}}); + } else if (details.type == 'accesscontrolprovider') { + controller.show("accesscontrolprovider", details.accesscontrolprovider, {broker: {type:"broker", name:""}}); } }; diff --git a/java/broker-plugins/management-http/src/main/java/resources/showAccessControlProvider.html b/java/broker-plugins/management-http/src/main/java/resources/showAccessControlProvider.html new file mode 100644 index 0000000000..399425a7de --- /dev/null +++ b/java/broker-plugins/management-http/src/main/java/resources/showAccessControlProvider.html @@ -0,0 +1,31 @@ +<!-- + - + - Licensed to the Apache Software Foundation (ASF) under one + - or more contributor license agreements. See the NOTICE file + - distributed with this work for additional information + - regarding copyright ownership. The ASF licenses this file + - to you under the Apache License, Version 2.0 (the + - "License"); you may not use this file except in compliance + - with the License. You may obtain a copy of the License at + - + - http://www.apache.org/licenses/LICENSE-2.0 + - + - Unless required by applicable law or agreed to in writing, + - software distributed under the License is distributed on an + - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + - KIND, either express or implied. See the License for the + - specific language governing permissions and limitations + - under the License. + - + --> +<div class="accessControlProvider"> + <span style="">Name:</span><span class="name" style="position:absolute; left:6em"></span> + <br/> + <span style="">Type:</span><span class="type" style="position:absolute; left:6em"></span> + <br/> + <div class="providerDetails"></div> + <div class="dijitDialogPaneActionBar"> + <input class="deleteAccessControlProviderButton" type="button" value="Delete Access Control provider" label="Delete Access Control Provider" dojoType="dijit.form.Button" /> + </div> +</div> +<br/>
\ No newline at end of file diff --git a/java/broker-plugins/management-http/src/main/java/resources/showBroker.html b/java/broker-plugins/management-http/src/main/java/resources/showBroker.html index 4acf42da46..15f7faf318 100644 --- a/java/broker-plugins/management-http/src/main/java/resources/showBroker.html +++ b/java/broker-plugins/management-http/src/main/java/resources/showBroker.html @@ -53,18 +53,10 @@ <div class="formLabel-labelCell" style="float:left; width: 250px;">Broker store location:</div> <div id="brokerAttribute.storePath" style="float:left;"></div> </div> - <div id="brokerAttribute.defaultAuthenticationProvider.container" style="display: none; clear:both"> - <div class="formLabel-labelCell" style="float:left; width: 250px;">Default authentication provider:</div> - <div id="brokerAttribute.defaultAuthenticationProvider" style="float:left;"></div> - </div> <div id="brokerAttribute.defaultVirtualHost.container" style="display: none; clear:both; clear:both;"> <div class="formLabel-labelCell" style="float:left; width: 250px;">Default virtual host:</div> <div id="brokerAttribute.defaultVirtualHost" style="float:left;"></div> </div> - <div id="brokerAttribute.aclFile.container" style="display: none; clear:both"> - <div class="formLabel-labelCell" style="float:left; width: 250px;">ACL file location:</div> - <div id="brokerAttribute.aclFile" style="float:left;"></div> - </div> <div id="brokerAttribute.statisticsReportingPeriod.container" style="display: none; clear:both"> <div class="formLabel-labelCell" style="float:left; width: 250px;">Statistics reporting period:</div> <div id="brokerAttribute.statisticsReportingPeriod" style="float:left;"></div> @@ -191,6 +183,12 @@ <button data-dojo-type="dijit.form.Button" class="deleteGroupProvider">Delete Group Provider</button> </div> <br/> + <div data-dojo-type="dijit.TitlePane" data-dojo-props="title: 'Access Control Providers'"> + <div class="broker-access-control-providers"></div> + <button data-dojo-type="dijit.form.Button" class="addAccessControlProvider">Add Access Control Provider</button> + <button data-dojo-type="dijit.form.Button" class="deleteAccessControlProvider">Delete Access Control Provider</button> + </div> + <br/> <div data-dojo-type="dijit.TitlePane" data-dojo-props="title: 'Log File', open: false"> <div class="broker-logfile"></div> </div> |